Webservices (REST API)

Configuration

REST API access is forbidden by default in the web server configuration. You must allow access and protect it (for example with htaccess).

You must also enable it in the configuration:

$use_restapi = true;
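
One way to carry out the web server step on Apache 2.4, shown as an added example that is not taken from the project's own configuration. The directory path, htpasswd file, realm name and client address are placeholders or constructed values, and the commented-out deny block is an assumed form of the default.

```apache
# Added example, not the project's shipped configuration.
# /path/to/self-service-password is a placeholder for the install directory.

# Before (assumed form of the default): every request to the API is refused.
#<Directory /path/to/self-service-password/rest>
#    AllowOverride None
#    Require all denied
#</Directory>

# After: access is allowed, but only when all three conditions hold.
<Directory /path/to/self-service-password/rest>
    AllowOverride None

    # HTTP Basic credentials; these are what curl sends with -u 'authuser:authpwd'.
    AuthType Basic
    AuthName "Self Service Password REST API"
    AuthBasicProvider file
    # Placeholder path: keep the htpasswd file outside the document root.
    AuthUserFile /path/to/private/ssp-rest.htpasswd

    <RequireAll>
        # Needs mod_ssl. Basic credentials and the password parameters are
        # sent in the request, so callers must then use https:// URLs.
        Require ssl
        # Constructed address: the one host that is allowed to call the API.
        Require ip 192.0.2.10
        # Any account present in the htpasswd file above.
        Require valid-user
    </RequireAll>
</Directory>
```

The account in the htpasswd file can force a new password for any user through adminchangepassword.php, so it should be a dedicated service account with a long random password.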

API

The available services are:

POST /rest/v1/checkpassword.php

Check whether a password respects the password policy

Status Codes:
  • 200 OK – Successful response

POST /rest/v1/changepassword.php

Allow a user to change their own password

Status Codes:
  • 200 OK – Successful response

POST /rest/v1/adminchangepassword.php

Allow an admin to change the password of a user

Status Codes:
  • 200 OK – Successful response

Examples

Check the strength of a password:

curl -X POST \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'newpassword=Wer123456' \
  -u 'authuser:authpwd' \
  http://ssp.example.com/rest/v1/checkpassword.php

Tip

Also provide login and oldpassword if you configured the password policy to check that the new password is not the same as the old password, is not the same as the login, or does not contain values from the LDAP entry.

Update the password for a user, checking the current password first:

curl -X POST \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'login=user1&oldpassword=W1WAf1234567&newpassword=Wer123456' \
  -u 'authuser:authpwd' \
  http://ssp.example.com/rest/v1/changepassword.php

Force a new password for a user:

curl -X POST \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'login=user1&newpassword=Wer123456' \
  -u 'authuser:authpwd' \
  http://ssp.example.com/rest/v1/adminchangepassword.php